Create a Data Center Segmentation Strategy
Segment your data center network to protect sensitive systems and to prevent lateral movement of malware.

A flat, unsegmented network is difficult to defend because if an attacker gains access to the network, the attacker can move laterally throughout the network and compromise critical systems. This is especially true inside the data center, where enterprises store their most valuable assets. Old segmentation methods such as VLANs and ACLs don’t scale well, are difficult to automate, and don’t take into account users, content, or applications, so they provide little control over traffic and little visibility into traffic.
Create a segmentation strategy that results in more granular access control to data center resources, which gives you better visibility into traffic. The more granular your segmentation strategy, the more visibility into traffic you gain because traffic must traverse a firewall (segmentation gateway) as it flows between segments. Segmentation also makes compliance and compliance audits easier because you can control access to sensitive, personal, and mission-critical data at a very granular level and allow only necessary access to that data. This protects the data and reduces the scope of audits.
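To make the lateral-movement argument concrete, the following added example (not part of the original page or any vendor product) models a small data center as segments separated by a gateway whose rules match on source segment, destination segment, application, and user identity. It then computes which hosts an attacker who compromised one host could reach, comparing a flat network with the segmented one; all hosts, segments, identities, and rules are constructed for illustration.

```python
# Added example: model which hosts an attacker who has compromised one data center
# host can reach when every inter-segment flow must pass a segmentation gateway.
# Segments, hosts, identities and rules below are constructed for illustration.

HOST_SEGMENT = {"web01": "web", "web02": "web", "app01": "app",
                "db01": "db", "jump01": "mgmt"}
# Service identity an attacker obtains by compromising a host (if any).
HOST_IDENTITY = {"app01": "svc-app", "jump01": "dba"}

# Gateway rules: (source segment, destination segment, application, user/group).
# Unlike an IP-based ACL, a rule matches on application and user, not just address.
SEGMENTED_RULES = [
    ("web", "app", "api-https", "any"),    # web tier calls the app tier's API
    ("app", "db", "postgres", "svc-app"),  # only the app service account reaches the DB
    ("mgmt", "db", "ssh", "dba"),          # DBAs reach the DB from the jump host
]
FLAT_SEGMENTS = {h: "flat" for h in HOST_SEGMENT}  # no gateway between any hosts

def rule_permits(rule, src_seg, dst_seg, identities):
    r_src, r_dst, _app, r_user = rule
    return (r_src == src_seg and r_dst == dst_seg
            and (r_user == "any" or r_user in identities))

def lateral_reach(start, rules, segments=HOST_SEGMENT):
    """Return {host: application used to reach it} for every host reachable from
    `start`. Hosts in the same segment are reachable without a gateway check;
    crossing segments needs a permitting rule. Identities gained from compromised
    hosts are reused, so we iterate to a fixpoint rather than a single pass."""
    reached = {start: "start"}
    identities = {HOST_IDENTITY[start]} if start in HOST_IDENTITY else set()
    changed = True
    while changed:
        changed = False
        for src in list(reached):
            for dst in segments:
                if dst in reached:
                    continue
                s, d = segments[src], segments[dst]
                via = "intra-segment" if s == d else next(
                    (r[2] for r in rules if rule_permits(r, s, d, identities)), None)
                if via is not None:
                    reached[dst] = via
                    if dst in HOST_IDENTITY:
                        identities.add(HOST_IDENTITY[dst])
                    changed = True
    return reached

if __name__ == "__main__":
    print("flat:     ", sorted(lateral_reach("web01", [], FLAT_SEGMENTS)))
    print("segmented:", lateral_reach("web01", SEGMENTED_RULES))
```

In the flat model a single compromised web server reaches every host; with the segmented rules the management segment stays out of reach and every cross-segment hop is visible at the gateway as a named application, which is exactly the traffic you can log and audit.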
Your data center segmentation strategy depends on your architecture and your business goals, so there is no “one size fits all” implementation. However, learning common guidelines enables you to design and implement a segmentation strategy to protect your data center network and its valuable information.